Security

Spectops is designed for high-impact operational changes. Security is not only about authentication; it is also about preventing accidental mistakes during incidents.

• Safety-first policy: whitelist-first precedence and clear rules of engagement.
• Visibility: know what changed, when, and by whom.
• Least privilege: use scopes and access controls for automation.

• Enable 2FA: prefer TOTP where available; keep recovery codes safe.
• Use strong passwords: long, unique, and managed by a password manager.
• Restrict login IPs: limit access to trusted networks when possible.
• Review active sessions: revoke old sessions after staff changes or incidents.

• Scope API keys: grant only the permissions needed by a tool or workflow.
• Rotate keys: treat keys as secrets and rotate on schedule or after any exposure.
• Restrict by IP where possible: reduce blast radius for automation credentials.
• Webhook hygiene: validate payloads and handle retries safely on your side.

If you believe you found a security vulnerability, contact us at security@localhost.

Please include reproduction steps, impact assessment, and any relevant logs or screenshots (sanitized).